A user asked how technicians are onboarded into ControlUp and mentioned concerns about access through DEX and the VDI console. Other users chimed in with suggestions and possible solutions, mentioning changes made in version 9 of ControlUp. A helpful article on SSO groups was also referenced.
Read the entire ‘Onboarding Technicians into ControlUp: Tips and Tricks.’ thread below:
~how do you all onboard new technicians into ControlUp? I only want my help desk users accessing ControlUp via DEX, but want them to use the VDI (solve) primarily. I thought v9 would change this, but it seems it's the same process. The way I am doing it is adding the email in DEX, inviting the user via the realtime console in "Login Setup", then adding the user to the right ControlUp Admin role I created for access to the right security policy. Does that all sound right?~
actually please disregard this!
it's actually working beautifully
all I had to do is add the user to DEX, assign the right role, and all is working with no additional config in the RT console. Great work!
Are you sure? I’m pretty sure that you need to go to the RT console security policy and assign the DEX account email address to a role that has the permission "Use Web Application" before they can sign in to the VDI web console through DEX.
But it is possible to automate this if you are using SAML IdP groups to set permissions.
Or maybe that is what you meant… Either way, I don’t think it is possible to invite a user to DEX and let them access the VDI Web Console without first making a change to the RT security policy.
Even if a user has this permission in DEX (Access VDI & DaaS), they should be blocked if they do not also have the correct permission in the security policy.
At least that’s how I understood it!
yeah so I should have been more detailed here
it appears I can access the VDI portion of DEX, in read only, by just simply adding them in DEX
I believe as long as the user is in the right active directory security group, then I am good
testing that to make sure
Ok, I guess you have this enabled?
What you said sounds right ("as long as the user is in the right active directory security group").
In 9.0 it’s also possible to sign in using only your ControlUp account and no LDAP. I thought that is what you were doing.
oh ok nice. I'm using SAML
I didn't see that, so cool!
hmm, I wonder why I don't see that
Oh… Maybe that isn’t out until 9.0 is GA.
hmm ok bummer
can you turn that on for me on my v9 😉
Maybe @member is willing 🙂
haha, anything to make this simpler!
that's a great feature to add
so with v9, there is no more "Solve Users" right?
so as long as the user is part of the right AD group, it should be good? Having a bit of an issue getting admin
viewing works
Yeah, there’s no "Solve user". And you should be an admin if the user is in an AD group that is assigned to a role that has the "Manage Web Application" permission
Because you use SAML you can:
• Automatically assign DEX account user permissions on user groups in your IdP. You can do this already (https://support.controlup.com/docs/saml-sso-for-dex#assign-user-roles-to-idp-groups)
• For 9.0, you will also be able to assign the IdP group to a security policy role with the Use/Manage Web Application permission.
This means a brand new user can sign in to DEX and use the VDI web console without having an Active Directory user and without having to manually set any permissions. That should make onboarding pretty seamless.
Hi Josh,
Glad to hear you are enjoying the DEX Platform 🙂.
From v9 you don’t need to have the Solve User and we make the log in easier for SAML users.
When you say "having a bit of an issue getting the admin role", what do you mean?
We enforce the UPN assigned to the user in the security policy as always.
@member that sounds amazing! Can't wait for it
@member I am good now, it just took a bit to apply the new permissions
this is still a huge improvement for onboarding new users! so what Timothy was talking about is even better but this is great for now
thanks both for your quick replies!
Some light reading about SSO groups for easier role assignments
https://support.controlup.com/docs/saml-sso-for-dex?highlight=SSO%20groups
nice this is great!